5 Fast and Easy Ways to Secure your WordPress Website

WordPress is quite simply the most popular website development option out there: about 30% of websites are built with WordPress.

Some more stats:

  • In 2017, 4,000 WordPress installs were infected with malware because of a fake SEO plugin.
  • Out of 8,000 virus-infected websites, WordPress accounted for 74% of them!
  • 8% are due to terrible passwords.

STATS FROM: https://www.codeinwp.com/blog/wordpress-statistics/ 

No one wants to be hacked. It’s the worst – I promise! One of my clients (before they were my client) was getting hacked multiple times a year. The malware that attacked them deleted content and made their site look a mess.

It was a headache for them constantly – never mind the added expense of always having to pay to have it removed (FYI – since being with me, they haven’t had any attacks).

However, you can do your best to avoid this by doing these 5 fast and easy things:


Crappy passwords aren’t good for anything, especially for your business website!

If you have used a password ANYWHERE else, you cannot use it again. Please don’t do this.

You can try software like the one I use, called Keeper Security – it locks down all of my passwords…which means I really only have to remember ONE password. As long as I can access Keeper, I can access any passwords.

Or try creating tougher passwords with 12 letters (at least 2 uppercase), 2 numbers and 2 symbols.

I cannot stress how important this is for everything you do, not just your website.


Every time something changes with security, WordPress updates. They are VERY good at keeping things as secure as they can.

Make sure you update WordPress. Most installs are about 3-4 behind; that’s crazy!

Check every single week to see if there’s a new update – or better yet, let it AUTO update so you don’t even have to worry about it.

An old WordPress install is a huge vulnerability.

If you’re scared to update, then pull a back-up of your whole site first. I use a plugin called Duplicator for this. It’s easy and does the job really well.


When WordPress is first installed it automatically creates an Admin account and SO often people just leave this as is.

Do not do this.

Instead, customize the Admin account name to be something more unusual, like “main23wp”.

On top of that, NEVER let a username be shown as the default author name. Always change that so each user’s first name is shown instead of their username.

Handing over usernames to hackers just gives them one less thing to do when they want access to your site!

Stop helping them.


You can edit core WordPress files right from the dashboard (when you log in to your website), which means so can hackers!

Make it harder for them!

Stop allowing edits to take place this way. Access to your core files should only be available via FTP or the File Manager via your host.

While this is slightly more advanced, it’s simple enough that anyone can do it.

Again, and ALWAYS, if you’re worried, pull a full back-up before you do this. Here are the quick steps to do this:

  1. Log in to your core files using FTP or your File Manager.
  2. Find the wp-config.php file.
  3. Add the following code to the file:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Once complete, you will no longer be able to EDIT files under the Dashboard (Appearance).
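The constant only counts if it is active and defined before wp-config.php loads wp-settings.php, so a line pasted at the very bottom of the file does nothing. The check below is an added example, not code from the original post; the function name `check_file_edit_lock` is hypothetical, and it assumes the standard `require_once ... 'wp-settings.php'` line is still in the file.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_file_edit_lock <path to wp-config.php> returns:
#   0  DISALLOW_FILE_EDIT is set to true before wp-settings.php is loaded
#   1  no active define found (missing, commented out, or not true)
#   2  define found, but after wp-settings.php is loaded (too late to count)
#   3  file cannot be read
check_file_edit_lock() {
    cfg=$1
    [ -r "$cfg" ] || return 3
    awk '
        # Ignore lines that are entirely a comment.
        /^[ \t]*(\/\/|\/\*|\*|#)/ { next }
        # First active define with the value true ("." stands for either quote).
        !def && tolower($0) ~ /define[ \t]*\([ \t]*.disallow_file_edit.[ \t]*,[ \t]*true[ \t]*\)/ { def = NR }
        # First line that loads WordPress core.
        !load && /require(_once)?[^;]*wp-settings\.php/ { load = NR }
        END {
            if (!def) exit 1
            if (load && def > load) exit 2
            exit 0
        }
    ' "$cfg"
}

# Demo on a constructed config where the define was pasted at the very end.
demo=$(mktemp)
printf '%s\n' '<?php' "require_once ABSPATH . 'wp-settings.php';" \
    "define( 'DISALLOW_FILE_EDIT', true );" > "$demo"
rc=0
check_file_edit_lock "$demo" || rc=$?
echo "status: $rc"
rm -f "$demo"
```

Run it against a downloaded copy of wp-config.php after editing; a status of 2 means the line needs to move above the wp-settings.php line.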


Files, plugins, and themes that just sit there doing nothing are just calling to hackers to use them in their plans.

So, always delete things you don’t use or need.

  • Deactivating a plugin is not enough, if you don’t use it – delete it!
  • Many people will install a couple of themes when they’re unsure about what one they want to use. Make sure that you delete the ones you did not choose and all but 1 of the WordPress standard themes (I always keep the latest one just in case I need it).
  • Delete these unnecessary files via FTP or File Manager:
    • readme.html
    • wp-config-sample.php
    • /wp-admin/install.php
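To see what is still lying around on a copy of the site, the script below is an added example (not from the original post) that looks for the three files in the list and for theme folders beyond the ones you keep. The function names are hypothetical, and the keep list is an assumption you pass in yourself: the active theme plus the one default theme you want to hold on to.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print leftover files from the list above (matched case-insensitively),
# relative to the WordPress root.
find_leftover_files() {
    root=$1
    for want in readme.html wp-config-sample.php wp-admin/install.php; do
        dir=$(dirname "$want")
        base=$(basename "$want")
        [ -d "$root/$dir" ] || continue
        # -maxdepth 1 limits the search to the directory named in the list.
        (cd "$root" && find "$dir" -maxdepth 1 -type f -iname "$base" | sed 's|^\./||')
    done
}

# Print theme directories that are not in the keep list. The keep list is
# an assumption: pass the active theme and the one default theme you keep.
list_extra_themes() {
    root=$1
    shift
    for path in "$root"/wp-content/themes/*/; do
        [ -d "$path" ] || continue
        name=$(basename "$path")
        keep=no
        for k in "$@"; do
            if [ "$k" = "$name" ]; then keep=yes; fi
        done
        if [ "$keep" = no ]; then echo "$name"; fi
    done
}

# Demo on a constructed directory tree (not a real site).
demo=$(mktemp -d)
mkdir -p "$demo/wp-admin" "$demo/wp-content/themes/mytheme" \
    "$demo/wp-content/themes/twentytwenty" "$demo/wp-content/themes/twentytwentyone"
touch "$demo/Readme.html" "$demo/wp-admin/install.php"
echo "Leftover files:"; find_leftover_files "$demo"
echo "Themes to delete:"; list_extra_themes "$demo" mytheme twentytwentyone
rm -rf "$demo"
```

A WordPress core update can put these files back, so run the check again after updating.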


There are still so many more things you can do. I actually complete 17 security items when I start a new project for a client.

If you have any questions, please let me know.


BrashBerry is a creative marketing agency near Toronto, Canada. We work with small to medium sized businesses helping them build online and offline growth strategies that give them a massive boost to achieving their goals.

We believe in collaboration, empowerment, trust and wicked-good customer service.

“Once you’re one of our clients, you’re forever part of our family.”

~Amanda Ross, Owner of BrashBerry

© 2021 BrashBerry
